Is Blockchain the Answer to Healthcare's Cybersecurity Concerns?

Gautham Thomas

APRIL 24, 2018

The sudden disruption hit electronic medical records (EMRs) provider Allscripts sometime between 2 AM and 6 AM on January 18. Two of the provider’s data centers had been targeted by a ransomware attack, locking up Allscripts-managed data in an extortion attempt. About 1500 of its clients—mostly small practices, according to the company—were unable to access their records for 8 days.

Like many ransomware attackers, the Allscripts hackers offered to unlock their victims’ data in return for a ransom payment in bitcoin. The electronic cryptocurrency is popular with hackers because it is virtually impossible to tie the digital currency to its holder. It’s their preferred method of payment.

But blockchain, the very technology that underpins bitcoin, might have applications that help secure data from malicious hackers and others who seek to exploit private data, like EMRs and patient information. At the same time, blockchain has burst onto healthcare’s radar to great applause, much of which might be premature or unfounded.

A Secure Blockchain Network for Personal Data

One possible application is Datum, a blockchain network in development, whose cofounder and CEO Roger Haenni describes it as “eBay for data,” a secure marketplace where individuals would control the use of their private information and profit from its sale.

When Haenni first conceptualized what would become the Datum network, he was busy developing something comparatively prosaic: Clever Baby, a wearable device, much like a fitness tracker, that would be used to track an infant’s vitals. Haenni’s team took the device to the prototype stage and set about planning practical trials. But in conversations with hospitals to develop trials of the Clever Baby prototype, Haenni kept running into pushback.

“We always ended up with an ethics board at the hospitals we went to,” he said. “This whole discussion started about putting the device on babies. What data is collected? Is that compliant with the data collection and privacy laws we have in our jurisdiction?”

According to Haenni, the cautiousness around data collection stemmed from liability concerns. “All of these discussions were focused around the risk [aversion] of the hospitals,” he said. “They don’t care about the parents or babies so much, but rather about liability.”

Concerns regarding patient data collection and the responsibility to protect that data aren’t trivial. Due to Health Insurance Portability and Accountability Act (HIPAA) reporting requirements, the Department of Health and Human Services maintains a public database of breaches. So far in 2018, the department lists 219 breaches due to “unauthorized access” or “hacking incidents.” Allscripts is currently subject to a class action suit brought by affected clients who allege negligence and breach of the company’s duties under HIPAA to protect their health records.

These conversations about compliance and data protection prompted Haenni to think about how to enable everyone to secure the vast volumes of data produced by everyday activities and select who is able to access and use that information. “What is the real large issue here that we can solve?” Haenni said, describing the question Datum sought to answer.

It was “this notion of returning data ownership and giving back control to the data creators who are the individuals in many cases,” he added. “That was something much more important that would have a larger impact on the world than baby wearables.”
